SecureWorld News

Business to Congress: 'Regulate Our Cybersecurity in These 3 Ways'

Written by SecureWorld News Team | Fri | Jan 5, 2018 | 9:18 PM Z

They are powerful trade groups that represent banks, retail, insurance, tech and other industry verticals across the United States.

And they're actually uniting on something right now: asking Congress to increase federal cybersecurity regulations on their own members so everyone is on a level playing field and all are clear on information security expectations.

3 ways to regulate cybersecurity

The letter these groups sent to the House Energy and Commerce Committee was very specific about what the new regulations should look like. Here are the three cybersecurity regulation specifics they requested:

  1. A flexible, scalable standard for data protection that factors in (1) the size and complexity of an organization, (2) the cost of available tools to secure data, and (3) the sensitivity of the personal information an organization holds, as well as guarantees that small organizations are not burdened by excessive requirements.

  2. A notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when there is a reasonable risk that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm.

  3. Consistent, exclusive enforcement of the new national standard by the Federal Trade Commission (FTC) and state Attorneys General, other than for entities subject to state insurance regulation or who comply with the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act of 1996/HITECH Act. For entities under its jurisdiction, the FTC should have the authority to impose penalties for violations of the new law.

Why trade groups and industry want more federal cybersecurity regulations

Why would these groups and the companies they represent ask for federal regulations to increase? Their last request sums it up nicely: "Clear preemption of the existing patchwork of often conflicting and contradictory state laws."

Will this spur Congress to act, when even the Equifax breach was not enough?

Stay tuned, cybersecurity fans, stay tuned.